“Colasoft’s Capsa is exactly what we are looking for. After the first time using it, we just stopped searching for any other network analysis software. It is a great product with competitive price. Besides, Colasoft’s Capsa is easy to implement and has a lot of features and very good reports.”

– Vinicius Barrado, IT Director, TripleTech IT Solutions

Company Brief

TripleTech IT Solutions offers outsourcing and consulting/services in network, security and database.

The Challenge

As a consulting and outsourcing company, TripleTech IT Solutions needs software which could analysis clients network in an easy and clear way and counts a lot whether the software could provide them a detail report. Besides, TripleTech IT Solutions needs software which could cost less time to generate reports of network.

The Solution

Easy to implement, Colasoft Capsa gives a quick report which is the principal criteria for TripleTech IT Solutions to find a network analyzer.

After using Capsa, business process Network analysis of TripleTech IT Solutions is enhanced, because it saves TripleTech IT Solutions a lot of time and money in producing the final report for their clients.

Troubleshooting network problems can be a very difficult and challenging task. While most IT engineers use a network analyzer to help solve network problems, whenanalyzing hundreds or thousands of packets, it can become very hard to locate and further research conversations between hosts. Colasoft’s Capsa v8 now introduces a new feature that allows us to highlight-colorize relevant IP conversations in the network based on their MAC address, IP Addresses, TCP or UDP conversations.

This great new feature will allow IT engineers to quickly find the related packets of the conversations they want to analyze emphatically, using just a few clicks.

As shown in the screenshot below, users can colorize any Conversation in the MAC Conversation View, IP Conversation View, TCP Conversation View and UDP Conversation View. Packets related to that Conversation will be colorized automatically with the same color.

Take TCP conversation for example, choose one conversation, right-click it and choose “Select Conversation Color” in the pop-up menu:

Figure 1. Selecting a Conversation Color in Capsa v8.0

Next, select the color you wish to use to highlight the specific conversation:

Figure 2. Selecting a color

Once the color has been selected, Capsa will automatically find and highlight all related packets of this conversation using the same background color:

I wanted to take the opportunity to do a review of the Colasoft Capsa program. I have been asked about this program often, and I think it is time I do a review. Everyone knows that I like this program and I personally use this network analyzer all the time in my consulting position. I love it and I have recommended this program on my blog and to customers of the company I work for. It has saved me time and money in diagnosing problems. And if I’m saving money, that means my customers are saving money. And everyone loves that!

A personal story:
Just to start this out, I want to tell you a quick, condensed story. I had a customer that called me up one morning. They told me that their network was “crawling” and they wanted to know if I knew of anything going on. I was at another client at the time, and all I knew to say at that point was that I could come over and take a look. They told me to hold off at the moment, and they would call me if you needed me. By the time 4PM came, I called that customer back to see what they had found. He told me that they still had the problem, and they wanted me to come on in and see if I could find the problem. I did just that. From the time I got there and started working on the problem, I set up a monitor session and connected my laptop up. Within 10 minutes, I told them what was the problem, what was causing the problem, and how it needed to be resolved. It was a device that had a NIC that started flooding the network. 180K packets per second (Capsa told me this). They went and disconnected the offending network cable for the device, and everything came back up without issue. Key NOTE: They had been working all day on this problem without resolution. I came in and within 10 minutes pointed out what the problem was, what was causing the problem, and what to do to fix it. I was able to do this with the Capsa network analyzer within 10 minutes of starting the troubleshooting. In this example, think of how much money and productivity was lost. The very next day, this customer bought Capsa.

Now, the review:
At first look, the Capsa dashboard has a very nice look and feel to it. The dashboard colors are easy on the eyes when looking at it for long periods time, which is important when needing to troubleshoot problems. You don’t need something hard to look at on top of using your brain to pinpoint issues, and Capsa is certainly easy on the eyes. See below for the first look.

The layout is also well designed. The tabs across the display make it easy to navigate to areas you need to get to. Its almost like the company had true technical engineers design the layout.

The first display I tend to look at and use is the default view. You can easily customize this to whatever it is you are looking for. Capsa puts out some displays for you by default. The defaults are good, but if you need more for what you are trying to accomplish, they made it very easy to add to this display if you want to. I personally modify it to what I like to see.

The “Summary” tab has very good statistical information in it. I personally dont use this tab much, but if you are looking for general statistical information about your network, this is a good place to view. I do know engineers that just want to take samplings on a network, and this is a good tab to view for just that. Things like Diagnosis statistics, Traffic statistics, Packet size Distribution statistics, Protocol statistics by OSI model, etc. Again, very good for taking statistical snapshots during timed intervals.

This next tab is really handy for doing network assessments. Its called the “Diagnose” tab, and this tab will tell you potential problems on the network that Capsa sees. Anything from delays, re-transmissions, SMTP server slow response, HTTP client error, etc. And when I say “etc”, I mean a lot of “etc”s. I use this all the time, and its very handy and helpful for the network engineer. Its handy because it even makes suggestions on what the actual problem resolution might be. That is a pretty cool feature.

The next tab shows a “Protocol” view of the network. This is an excellent view into what protocols are traversing your network. If you see a protocol in this display that you didn’t want on the network, this is a great place to see it quickly. Easy to see and right in front of your eyes without the need to sift through traffic or selecting a column view and then finding the protocol. Its just right in front of you with ease to see. This is very helpful when in a hurry to hunt down what you don’t want on the network, as far as protocol view is concerned. I have had plenty of times when trying to see what protocol is running on a network, just to know for sure what is there and what is not there. And when Im doing a deep inspection of a network, this is definitely one view I look at.

The “Physical Endpoint” tab gives you a view into the layer 2 and layer 3 view into the network for statistics. I personally don’t use this view much. However, I do see the benefit of this tab. You can find problems by either MAC address or IP address, like a malfunctioning NIC. This is a good statistical view of that. I personally will see it in the default view, because Ill customize the view there to see such things. But, this is also a great place for that sort of detail. One thing I really like about this view is that you can see the actual packets if you choose to. Just like what you would see in a wireshark packet capture. This is a great feature.

The “IP Endpoint” is a layer 3 view only into this view. Its very similar to the “Physical Endpoint” tab, with the same features for the most part. This is mostly a statistical view. Again, you can see the actual packet here if you want to see it, just like in wireshark. I have used this screen to find packets from a particular IP address, so that I can use the packet view before. This is very handy and easy to find what you are looking for if you are looking for a particular IP address. From the “offender”, you can view all you want as far as raw packets go. I personally like this and have used this often in the past.

The “Physical Conversation” and “IP conversation” tabs has some important information for troubleshooting delays, etc. I personally have used this tab a lot, especially when looking for delays in traffic to find out what is actually happening. There is a lot of good information in these tab views.

The “TCP Conversation” view is an excellent view for seeing delays, etc. In application type delays, you can easily prove where delta delays are when everyone is pointing at the network as fault. I have used this many times to prove application delays, and where the network was fine. This view makes it very easy to see these types of delays with transaction sequence diagrams, along with seeing the actual packet if you want to (which I do). Again, it just makes it easy. See below for a screenshot.

The “UDP Conversation” view is similar, with the exception of a data flow view. After all, its UDP. I personally dont utilize this tab much. Although, I do see the value in seeing the conversations between devices.

There is now a new section called “VoIP Call” tab. I have experimented with this and I do like this tab. It will show you the calls made via SIP, the status of the calls, duration, invite time, etc. It even has a “translatorX” like view if you are a visual person and want to see the call setup steps that each call has taken. This is especially helpful when troubleshooting failed SIP calls. This is a welcomed addition to the Capsa package. With that said, I must tell you that for now, it only will recognize SIP calls. It will not recognize H323, MGCP, or SCCP. I have to admit, that is a little disappointing. However, that is really the only negative thing I can say about this tab. But, I suspect that will change in the future. But, keep in mind, you can still view H323, MGCP, and SCCP in the other tabs if you looking for them. Its just not in this tab. Overall, I’m still impressed with this VoIP capability. I’d really like to show you this screen, but there is just too much sensitive information I cant give out in my capture. So I’m only going to show you a piece of the screen, so that you get the idea of what you will see. I did blot out the personal info on this screenshot, but again, there is more to this screen than what I’m showing below.

There is a new “Ports” tab that shows all the ports being used on the network. From here, you can view the traffic conversations, along with the data flows. Again, this is really important in finding delays, etc. I really like this new addition to the Capsa product.

There is a “Matrix” tab which shows you in a circular diagram the traffic from source to destination. I dont use this much, except to get an impression on how many devices are actually talking to each other. From here, you can, again, look at the raw packets. I have heard other engineers say they like this view. I think this must be just personal preference.

The “Packet” tab takes you right to the raw packet view. Again, this is convenient, as you can go directly to search for specific IPs or MAC addresses quickly. And again, with all the info you would need in the display for finding what you want in the packet capture.

The “Log” view is just that. It shows you a log of successful and failed events. Anything from a global view of all traffic, to seeing only DNS, Email, HTTP, etc types of traffic. This is an excellent addition to the product when you need to see events outside a packet view.

The last tab is called “Report”. I absolutely love this tab. For the executives, you can run the reports they want to see without them actually being technical in nature. Lets face it, they just want the high level overview. They dont want to see the packet details, the troubles, etc. They just want the facts, and these canned reports will give them just that. Also, you can customize your own reports as well. You can even customize this to your company name, logo, etc. This is a nice feature.

Other features:
You can get Capsa to send you an audible alarm when an event happens, something you customize yourself. You can also get it to send you an email when the event happens, if you happen to not be in front of your Capsa PC/Server.

I also like the displays across the top of the program. I use the “utilization” and “pps” (packets per second) displays almost every time I use Capsa. These views are easy to detect broadcast storms, over utilization, etc. There is also a “Traffic Chart (bps)” chart that is a visual of the amount of traffic that is on the network. I like these views for sure. They are always up front and if something starts happening on the network, you can easily see some of these types of events in these displays. Very handy when you are going through the tabs and still able to see these views at the top. I personally like that this was carefully thought of for the network engineer.

Another thing I like, is that if you are looking for only certain types of traffic, you can filter Capsa to only display that traffic without seeing all the other traffic you are not looking for. This is handy when you know where the problem is, but dont know the cause of the problem.

One thing to note here in this review. I have mentioned a lot of features in this program. However, what I have not mentioned is ALL of the capabilities in each tab. There are a ton of things you can do in most of the tabs. Don’t think I covered everything. I have only covered a fraction of what you get out of this product. What I suggest is that you go and download a demo of this product. Try it for yourself and download a trial of this to see if you like it. Visit Colasoft at www.colasoft.com, and let me know how you like it.

About Shane Killen

Shane Killen currently works at a consulting company in Birmingham, Alabama. It is a consulting firm that deals with most aspects of IT Technology.
He works as a IT consultant, serving as a Senior Network Engineer. Shane Killen has been working in IT professionally since 1996. Certifications currently hold – Cisco CCNP (R&S), Cisco CCNP Voice, Cisco CCDP, Brocade BCNP, ShoreTel Advance Systems and Troubleshooting, CompTIA Network+, CompTIA A+, CSSA, Palo Alto ACE.

Colasoft Capsa Enterpriseis a network management solution aimed at small and medium-sized businesses and network administrators. This network traffic analyzer lets users monitor, detect, and troubleshoot network issues in a fast and simple manner. Among the powerful features this edition of Capsa includes is the ability to monitor both Ethernet and wireless networks.

As a comprehensive network sniffer, Capsa Enterprise is able to perform different types of analysis and tests over one or multiple wired and wireless connections (like 802.11a/b/g/n). It lets you run analysis of specific aspects of your network or a full Test providing an exhaustive level of detail. Capsa is able to perform packet capture in real time, monitor traffic, run security analysis to detect potential security risks, map the traffic and MAC, IP addresses of every host on the network, as well analyse different protocols like HTTP, FTP, and DNS, and applications like IM, Email (POP3, IMAP4, SMTP), and VoIP, letting you log and save data to disk. These complex tasks are carried out in a fast and simple way, with literally a few clicks.

Besides its straightforward interface, it is worth highlighting the way Capsa displays the data obtained by means of graphs, charts, and statistics that are easy to read and interpret, letting users detect and address potential issues in the most effective way. With the analysis results ordered in tabs and the several filters available it is easy to find the information you want to focus on. The Dashboard is the first section you will see once the analysis is on; and there are several view modes to choose from, including the possibility of adding or removing panels. Another tab that deserves particular mention is the Matrix tab, which maps network traffic between network nodes in a graph.

Other tools available in the pack include Packet Player, Packet Builder, Ping, and MAC Scanner, the possibility of scheduling tasks and adding alarms.

To sum up, Colasoft Capsa Enterpriseis a tool that combines powerful features with in-depth analysis and statistics, essential for network adminitrators and engineers. This network sniffer has a cost of $995 and the free demo version is fully functional for 15 days.

Colasoft received the Best Products of 2012 Award from PC Magazine for Colasoft Capsa, one of our flagship software products designed for LAN and WLAN network monitoring, troubleshooting and analysis. Capsa gets a 4.5-star Editors’ Choice pick for networking utilities.

The editors of PC Magazine note that Capsa is a well-designed, fairly user-friendly (at least for network admins), Windows-oriented network analysis tool that offers network admins deep insight into their networks without the steep learning curve required to learn the ins and outs of Wireshark, plus Capsa is heavier on data visualization.

We are very pleased to announce that Colasoft Capsa network analyzer has been upgraded to version 7.4, with great new features and enhanced interface and user experience.

Colasoft Capsa 7.4 is now capable of monitoring, troubleshooting and analyzing 802.11 a/b/g/n wireless networks, which make Capsa not only an Ethernet network analyzer, but a packet sniffer for both wired and wireless networks. Besides that, Capsa interface and user experience has been highly enhanced, too. We have made many changes and improvements like optimize start page layout, network profile settings, and so on.

Colasoft Capsa 7.4 now has full different editions to meet different demands: enterprise edition, professional edition, WiFi edition and free edition. Free trails are all available at www.colasoft.com.

Dear customers, Colasoft Capsa Thanksgiving Big Sale already begun, we promise you can purchase Capsa Network Analyzer at the most favorable price which save you a huge amount of money. Don’t miss this unique opportunity. Just get your coupon now.

50% off for 3 and 5 Seats License.40% off for 2 Seats License.30% off for Single Seat License.20% off for Renewal.

Dear customers, with the big holliday-Thanksgiving’s coming very soon, Colasoft are wishing you a great thanksgiving with Capsa Big Sale. We will provide up to 50% off for our flagship product-Colasoft Capsa Enterprise, you can purchase Capsa at the most favorable price on our Big Sale. Please stay close.